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CLAIMS 

What is claimed is: 





1 1. 


A method for managing addition and deletion of network nodes from and to a 




2 


secure multicast or broadcast group of nodes in a communications network 




3 


without a single point of failure, wherein each of the nodes is associated with 




4 


one of a plurality of replicated group controllers and wherein the nodes and 




5 


the group controllers are logically organized in a binary tree that represents 




6 


the network nodes and the group controllers, in which leaf nodes of the 




7 


binary tree represent network nodes that are joining or leaving the group, 


n 


8 


intermediate nodes represent other network nodes, and root nodes represent 


%3 


9 


the group controllers, the method comprising the steps of: 


~J 


10 


joining one of the group controllers to the plurality of replicated group 


r f| 


11 


controllers in a local network; 


ru 


12 


establishing, by one of the group controllers, a secure communication channel 




13 


between one of the group controllers and another of the group 


C3 

\ J 


14 


controllers using a key exchange protocol; 


I J 


15 


receiving a request to add or delete a node of the group from a load balancer 


^3 


16 


that is coupled to the plurality of group controllers; 




17 


creating and storing a new group session key for each node in each branch of 




18 


the tree that is affected by adding or deleting the node from the group; 




19 


distributing a group session key from one of the group controllers to the 




20 


network nodes. 




1 2. 


A method as recited in Claim 1, wherein distributing a group session key 




2 


further comprises: 




3 


receiving a token value at the group controller to designate the group 




4 


controller as having permission to selectively generate the group 




5 


session key and to generate node keys associated with the 




6 


intermediate nodes and the leaf nodes; and 
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7 creating and storing the group session key only when the group controller has 

8 the token value. 

1 3. A method as recited in Claim 1, wherein distributing a group session key 

2 further comprises : 

3 determining whether the secure multicast or broadcast group has a node that 

4 is leaving the secure multicast or broadcast group; 

5 determining which of the intermediate nodes are affected by the leaving node; 

6 updating keys associated with the affected intermediate nodes; 

7 generating a new group session key; and 

8 sending the new group session key to the leaf nodes. 



A method as recited in Claim 3, wherein updating keys comprises: 
generating a new key of a parent node of the leaving node; and 
encrypting the new key of the parent node with a key of a node adjacent to 
the parent node. 

1 5. A method as recited in Claim 1, wherein distributing a group session key 

2 further comprises: 

3 receiving a request message from one of the plurality of nodes to join the 

4 secure multicast or broadcast group; 

5 determining which of the intermediate nodes are affected by the joining node; 

6 updating keys associated with the affected intermediate nodes; 

7 generating a new group session key and a private key of the joining node; and 

8 sending a message comprising the new group session key, the private key, 

9 and the updated keys of affected intermediate nodes to the joining 
10 node. 

16. A method as recited in Claim 5, wherein updating keys comprises performing 

2 a one way hash function on the keys associated with the affected intermediate 

3 nodes. 
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2 
3 
4 



4 



1 7. A method as recited in Claim 1, wherein receiving a request comprises 

2 receiving the request at a load balancer having a single virtual address that 

3 represents the plurality of group controllers. 

1 8. A method as recited in Claim 7, further comprising the step of load balancing 

2 network traffic that is directed from a plurality of the nodes to the plurality of 

3 group controllers. 

1 9. A method as recited in Claim 1, wherein establishing a secure communication 

2 channel comprises exchanging a public key of the group controller with all 

3 other group controllers in the plurality of replicated group controllers based 

4 upon optimized broadcast Diffie-Hellman protocol. 

1 10. A method as recited in Claim 5, wherein establishing a secure communication 

2 channel comprises: 

3 receiving a public key value that is broadcast by the joining node; 

4 sending a collective public key value from the nodes to the joining node; 

5 computing a shared secret key; 

6 creating and storing a group shared secret key by exchanging private key 

7 values. 

1 11. A computer-readable medium comprising one or more sequences of 

2 instructions for managing addition and deletion of network nodes from and to 

3 a secure multicast or broadcast group of nodes in a communications network 

4 without a single point of failure, wherein each of the nodes is associated with 

5 one of a plurality of replicated group controllers and wherein the nodes and 

6 the group controllers are logically organized in a binary tree that represents 

7 the network nodes and the group controllers, in which leaf nodes of the 

8 binary tree represent network nodes that are joining or leaving the group, 
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9 intermediate nodes represent other network nodes, and root nodes represent 

10 the group controllers, and which instructions, when executed by one or more 

1 1 processors, cause the processors to carry out the steps of: 

12 joining one of the group controllers to the plurality of replicated group 

13 controllers in a local network; 

14 establishing, by one of the group controllers, a secure communication channel 

15 between one of the group controllers and another of the group 

16 controllers using a public key exchange protocol; 

1 7 receiving a request to add or delete a node of the group from a load balancer 

1 8 that is coupled to the plurality of group controllers; 

19 creating and storing a new group session key for each node in each branch of 

20 the tree that is affected by adding or deleting the node from the group; 

21 distributing a group session key from one of the group controllers to the 

22 network nodes. 

1 12. A computer-readable medium as recited in Claim 1 1 , wherein distributing a 

2 group session key further comprises: 

3 receiving a token value at the group controller to designate the group 

4 controller as having permission to selectively generate the group 

5 session key and to generate node keys associated with the 

6 intermediate nodes and the leaf nodes; and 

7 creating and storing the group session key only when the group controller has 

8 the token value. 

1 13. A computer-readable medium as recited in Claim 1 1 , wherein distributing a 

2 group session key further comprises: 

3 determining whether the secure multicast or broadcast group has a node that 

4 is leaving the secure multicast or broadcast group; 

5 determining which of the intermediate nodes are affected by the leaving node; 

6 updating keys associated with the affected intermediate nodes; 

7 generating a new group session key; and 
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sending the new group session key to the leaf nodes. 

14. A computer-readable medium as recited in Claim 3, wherein updating keys 
comprises: 

generating a new key of a parent node of the leaving node; and 
encrypting the new key of the parent node with a key of a node adjacent to 
the parent node. 

15. A computer-readable medium as recited in Claim 1 1, wherein distributing a 
group session key further comprises: 

receiving a request message from one of the plurality of nodes to join the 

secure multicast or broadcast group; 
determining which of the intermediate nodes are affected by the joining node; 
updating keys associated with the affected intermediate nodes; 
generating a new group session key and a private key of the joining node; and 
sending a message comprising the new group session key, the private key, 

and the updated keys of affected intermediate nodes to the joining 

node. 

16. A computer-readable medium as recited in Claim 15, wherein updating keys 
comprises performing a one way hash function on the keys associated with 
the affected intermediate nodes. 

17. A computer-readable medium as recited in Claim 11, wherein receiving a 
request comprises receiving the request at a load balancer having a single 
virtual address that represents the plurality of group controllers. 

18. A computer-readable medium as recited in Claim 1 7, further comprising the 
step of load balancing network traffic that is directed from a plurality of the 
nodes to the plurality of group controllers. 
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1 19. A computer-readable medium as recited in Claim 11, wherein establishing a 

2 secure communication channel comprises exchanging a public key of the 

3 group controller with all other group controllers in the plurality of replicated 

4 group controllers based upon Diffie-Hellman protocol. 



1 20. A computer-readable medium as recited in Claim 15, wherein establishing a 

2 secure communication channel comprises: 

3 receiving a public key value that is broadcast by the joining node; 

4 sending a collective public key value from the nodes to the joining node; 

5 computing a shared secret key; 

6 creating and storing a group shared secret key by exchanging private key 
■* 7 values. 



K S3 



r y 121. A method of managing addition and deletion of network nodes from and to a 

£ J 2 secure multicast or broadcast group of nodes in a communications network, 

£3 3 wherein each of the nodes is associated with a first group controller 

J jl 4 comprising information that is replicated in a plurality of group controllers, 

%J 5 and wherein the nodes and the group controllers are logically organized in a 

; 3 6 binary tree that represents the network nodes and the group controllers, in 

7 which leaf nodes of the binary tree represent network nodes that are joining 

8 or leaving the group, intermediate nodes represent other network nodes, and 

9 root nodes represent the group controllers, the method comprising the steps 

10 of: 

1 1 joining the first group controller in a local network in which the plurality of 

12 group controllers are coupled; 

1 3 establishing a secure channel between the first group controller and the 

14 plurality of group controllers through secure key exchange; 

15 receiving a request to add or delete a node from a load balancer that controls 

1 6 distribution of requests to the group controllers; 
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# t 

17 generating a new group session key for each node in each branch of the tree 

1 8 that is affected by adding or deleting the node from the group; 

19 distributing the group session key from the first group controller to the other 

20 group controllers over the secure channel 



1 22. A method as recited in Claim 2 1 , further comprising the steps of generating 

2 the group session key only when the first group controller is designated as a 

3 master group controller that is authorized to join nodes and generate group 

4 session keys. 



□ 1 23. A method as recited in Claim 22, further comprising the steps of successively 

% 2 2 designating different ones of the group controllers as the master group 

C3 3 controller in real time. 

m 

SI 

a sa 
fi I 

it 1 24. A method for creating a secure multicast or broadcast group, the method 

I 2 comprising the steps of; 

P 

, i 3 establishing a secure communication channel among a plurality of group 

* if 4 controllers via a public key exchange protocol; 

%i 5 load balancing traffic emanating from a plurality of nodes to the plurality of 

6 group controllers; and 

7 distributing a group session key by one of the group controllers based upon a 

8 logical arrangement of the nodes in a binary tree structure, the binary 

9 tree structure having a root node, intermediate nodes, and leaf nodes, 

10 wherein the plurality of nodes correspond to leaf nodes of the binary 

1 1 tree structure and the group controllers correspond to the root node. 



1 25. The method as recited in Claim 24, wherein the step of distributing further 

2 comprises: 

3 circulating a token among the plurality of group controllers to designate the 

4 one group controller as having permission to selectively generate the 
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5 group session key and keys associated with the intermediate nodes 

6 and the leaf nodes; and 

7 selectively generating the group session key based upon the circulating step. 

1 26. The method as recited in Claim 24, wherein the step of distributing further 

2 comprises: 

3 detecting whether the secure multicast or broadcast group has a node that is 

4 leaving the secure multicast or broadcast group; 

5 determining which of the intermediate nodes are affected in response to the 

6 detecting step; 

7 updating keys associated with the affected intermediate nodes; 

8 generating a new group session key; and 

9 sending the new group session key to the leaf nodes. 



43 zz~. 

The method as recited in Claim 26, wherein the step of updating comprises: 
generating a new key of a parent node of the leaving node; and 
encrypting the new key of the parent node with a key of a node adjacent to 
the parent node. 



Q 1 28. The method as recited in Claim 24, wherein the step of distributing further 

2 comprises: 

3 receiving a request message from one of the plurality of nodes to join the 

4 secure multicast or broadcast group; 

5 determining which of the intermediate nodes are affected in response to the 

6 receiving step; 

7 updating keys associated with the affected intermediate nodes; 

8 generating a new group session key and a private key of the joining node; and 

9 sending a message comprising the new group session key, the private key, 

10 and the updated keys of affected intermediate nodes to the joining 

1 1 node. 



1 

2 
3 
4 



27. 
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1 


29. 


The method as recited in Claim 28, wherein the step of updating comprises 




2 




performing a one way hash function on the keys associated with the affected 




3 




intermediate nodes. 




1 


30. 


The method as recited in Claim 24, further comprising addressing the 




2 




plurality of group controllers using a single virtual address. 




1 


31. 


A computer system that can manage addition and deletion of network nodes 




2 




from and to a secure multicast or broadcast group of nodes in a 


C3 


3 




communications network without a single point of failure, wherein each of 


%3 


4 




the nodes is associated with one of a plurality of replicated group controllers 


tS IS! 

* ! 


5 




and wherein the nodes and the group controllers are logically organized in a 


£9 


6 




binary tree that represents the network nodes and the group controllers, in 




7 




which leaf nodes of the binary tree represent network nodes that are joining 




8 




or leaving the group, intermediate nodes represent other network nodes, and 


£3 


9 




root nodes represent the group controllers, the computer system comprising: 


6 


10 




a load balancer coupled to the group controllers for interfacing inbound 


Cf 

% =J 


11 




service requests to a selected one of the group controllers; 


. «t 

& 3 


12 




a bus coupled to the load balancer for transferring data; 




13 




one or more processors coupled to the bus for selectively generating a group 




14 




session key under control of program instructions; 




15 




a memory coupled to the one or more processors via the bus; 




16 




one or more sequences of program instructions stored in the memory which, 




17 




when executed by the one or more processors cause the one or more 




18 




processors to perform the steps of: 




19 




joining one of the group controllers to the plurality of replicated group 




20 




controllers in a local network; 




21 




establishing, by one of the group controllers, a secure communication channel 




22 




between one of the group controllers and another of the group 




23 




controllers using a key exchange protocol; 
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24 receiving a request to add or delete a node of the group from a load balancer 

25 that is coupled to the plurality of group controllers; 

26 creating and storing a new group session key for each node in each branch of 

27 the tree that is affected by adding or deleting the node from the group; 

28 distributing a group session key from one of the group controllers to the 

29 network nodes. 
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